emo/sysklogd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
183 Commits 1 Branch 0 Tags 1.1 MiB
C 86.5%
Shell 7.3%
Makefile 3.7%
M4 2.5%
5b156a9033
Go to file
mancha 5b156a9033 Bugfix against minor vulnerability caused by invalid PRI value (CVE-2014-3634) 
Rainer Gerhards, rsyslog project leader, discovered an issue in rsyslogd
where invalid priority values can trigger DoS and potentially RCE.

As his analysis reveals, the cause of the problem identified in rsyslog's
rsyslogd also exists in sysklogd's syslogd (from which rsyslogd was forked)
and stems from the use of a (LOG_FACMASK|LOG_PRIMASK) mask to detect invalid
priority values.

In sysklogd's syslogd, invalid priority values between 192 and 1023 (directly
or arrived at via overflow wraparound) can propagate through code causing
out-of-bounds access to the f_pmask array within the 'filed' structure by up
to 104 bytes past its end. Though most likely insufficient to reach
unallocated memory because there are around 544 bytes past f_pmask in 'filed'
(mod packing and other differences), incorrect access of fields at higher
positions of the 'filed' structure definition can cause unexpected behavior
including message mis-classification, forwarding issues, message loss,
or other.

This patch imposes a restriction on PRI message parts and requires they
be properly-delimited priority value strings that have non-negative
numerical values not exceeding 191. As before, sysklogd's syslogd permits
zero padding to not break compatibility with RFC-non-compliant loggers that
issue PRIs such as <0091>. Messages without well-formed PRI parts get
logged with priority user.notice (13). (c.f. RFC 3164)

Thanks to Rainer Gerhards for the initial report and analysis.
2014-10-04 21:34:41 +02:00
ANNOUNCE * ``-m 0'' turns off -- MARK -- now. (closes: Bug#28629, Bug#31494) 1999-01-19 00:09:12 +00:00
CHANGES Replace strcpy with memmove to fix continuation line problems 2010-09-10 08:50:59 +02:00
COPYING Import of bare source for 1.3 1997-06-02 17:21:41 +00:00
INSTALL Import of bare source for 1.3 1997-06-02 17:21:41 +00:00
klogd.8 Improvements 2007-05-28 17:25:43 +00:00
klogd.c Beautification of the output 2007-06-17 19:21:55 +00:00
klogd.h Added patch from Leland Olds which fixes a buffer overrun and improved 1997-06-13 09:35:55 +00:00
ksym_mod.c Remove faulty fclose() call. Thanks to Andrea Morandi and Sean Young. 2008-07-04 14:48:42 +00:00
ksym.c Beautification of the output 2007-06-17 19:21:55 +00:00
ksyms.h Added patch from Leland Olds which fixes a buffer overrun and improved 1997-06-13 09:35:55 +00:00
Makefile IPv6 support 2009-12-24 20:19:00 +01:00
MANIFEST Included upstream patches for 1.3.1 to 1.3.3 and modified debian/rules 1997-06-13 07:42:20 +00:00
module.h Removed several structs not used anymore. 2007-05-28 15:24:57 +00:00
modutils.patch Added patch from Leland Olds which fixes a buffer overrun and improved 1997-06-13 09:35:55 +00:00
NEWS Last preparation for 1.4 2000-09-17 19:44:52 +00:00
oops.c Complete rewrite of the oops kernel module for Linux 2.6 2007-05-30 15:27:13 +00:00
pidfile.c Whoops, looks like O_TRUNC was missing when opening the file, 2003-09-28 02:38:18 +00:00
pidfile.h Corrected FSFs address (lintian) 1998-02-10 22:37:14 +00:00
README.1st Added a description of system log level and link to sysctl(8) 2006-05-25 08:11:49 +00:00
README.linux Documentation improvements by Greg Trounson <gregt@maths.otago.ac.nz> 2004-07-09 17:22:29 +00:00
sysklogd.8 IPv6 support 2009-12-24 20:19:00 +01:00
syslog_tst.c Properly use format strings 2006-09-18 09:56:13 +00:00
syslog-tst.conf Import of bare source for 1.3 1997-06-02 17:21:41 +00:00
syslog.c Improved patch by Michael Pomraning <mjp@securepipe.com> to reconnect 2003-08-27 15:56:01 +00:00
syslog.conf Upgrading to version 1.3-15 from the archive 1997-06-02 17:42:34 +00:00
syslog.conf.5 Documentation update 2009-11-27 21:54:06 +01:00
syslogd.8 Import of bare source for 1.3 1997-06-02 17:21:41 +00:00
syslogd.c Bugfix against minor vulnerability caused by invalid PRI value (CVE-2014-3634) 2014-10-04 21:34:41 +02:00
version.h Preparation for version 1.5 2007-07-04 17:35:22 +00:00

README.linux 

Welcome to the sysklogd package for Linux.  All the utility
documentation has now been moved into the man pages.  Please review
these carefully before proceeding.

Version 1.3 of the package is the culmination of about two years of
experience and bug reports on the 1.2 version from both the INTERNET
and our corporate Linux networks.  The utilities in this package should
provide VERY reliable system logging.  Klogd and syslogd have both
been stress tested in kernel development environments where literally
hundreds of megabytes of kernel messages have been blasted through
them.  If either utility should fail the development team would
appreciate debug information so that the bug can be reproduced and
squashed.

Both utilities (syslogd, klogd) can be either run from init or started
as part of the rc.* sequence.  Caution should be used when starting
these utilities from init since the default configuration is for both of
these utilities to auto-background themselves.  Depending on the
version of init being used this could either result in the process
table being filled or at least 10 copies of the daemon being started.
If auto-backgrounding is NOT desired the command line option -n should
be used to disable the auto-fork feature.

I have found work on the sysklogd package to be an interesting example
of the powers of the INTERNET.  Stephen, Juha, Shane, Martin and
myself have successfully collaborated on the development of this
package without ever having met each other, in fact we could pass on
the street without realizing it.  What I have developed is a profound
respect for the personal capabilities of each one of these
individuals.  Perhaps the greatest `Linux Legacy' will be that its
development/enhancement is truly an example of the powers of
international cooperation through the worldwide INTERNET.

We would be interested in keeping track of any and all bug
fixes/changes that are made.  At the time that work was started on the
sysklogd package the syslog(d) sources seemed to have fallen into
neglect.  This work started with and continues the believe that it is
important to maintain consistent standardized system utilities
sources.  Hopefully the Linux community will find these sources to be
a useful addition to the software gene pool.

There is a mailing list covering this package and syslog in general.
The lists address is infodrom-sysklogd@lists.infodrom.org .  To subscribe send a
mail to majordomo@lists.infodrom.org with a line "subscribe infodrom-sysklogd"
in the message body.

A second mailing list exists as infodrom-sysklogd-cvs@lists.infodrom.org.  Only
CVS messages and diffs are distributed there. Whenever new code is added to
sysklogd, CVS generates a mail from these changes which will be sent to
this list.  Discussions will take place on the first list.

The latest version of this software can be found at:
http://www.infodrom.org/projects/sysklogd/download.php3

Best regards,

Dr. Wettstein
Oncology Research Division Computing Facility
Roger Maris Cancer Center
Fargo, ND
greg@wind.enjellic.com

Stephen Tweedie
Department of Computer Science
Edinburgh University, Scotland

Juha Virtanen
jiivee@hut.fi

Shane Alderton
shane@ion.apana.org.au

Martin Schulze
Infodrom Oldenburg
joey@infodrom.org

And a number of bug reporters whose contributions cannot be underestimated.